CVE-2023-45077
First published: Wed Nov 08 2023(Updated: )
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Ideacentre C5-14IMB05 | <o4hkt3ca | |
| Lenovo Ideacentre C5-14MB05 Firmware | ||
| Lenovo ideacentre 3-07ada05 | <o4fkt39a | |
| Lenovo ideacentre 3-07ada05 firmware | ||
| Lenovo ideacentre 3-07imb05 | <m2vkt21a | |
| Lenovo ideacentre 3-07imb05 firmware | ||
| Lenovo ideacentre g5-14imb05 | <o4hkt3ca | |
| Lenovo ideacentre g5-14imb05 firmware | ||
| Lenovo Ideacentre Creator 5-14iob6 Firmware | <m3gkt3da | |
| Lenovo Ideacentre Gaming 5-14iob6 Firmware | ||
| Lenovo Ideacentre Creator 5-14iob6 Firmware | <m3gkt3da | |
| Lenovo Ideacentre Creator 5-14iob6 Firmware | ||
| Lenovo IdeaCentre G5-14AMR05 Firmware | <o4zkt2ba | |
| Lenovo ideacentre G5-14AMR05 firmware | ||
| Lenovo Ideacentre Creator 5-14iob6 | <m3gkt3da | |
| Lenovo Ideacentre Gaming 5-14iob6 Firmware | ||
| Lenovo Ideacentre Mini 5 | <o53kt10a | |
| Lenovo Ideacentre Mini 5 | ||
| Lenovo Ideacentre Mini 5-01imh05 Firmware | <o4ekt1ba | |
| Lenovo Ideacentre Mini 5-01imh05 Firmware | ||
| Lenovo Legion T7-34IMZ5 | <o5fkt17a | |
| Lenovo Legion T7-34IMZ5 | ||
| Lenovo ThinkCentre M625q | <m1wkt52a | |
| Lenovo ThinkCentre M625q Firmware | ||
| Lenovo ThinkCentre M630e | ||
| Lenovo ThinkCentre M630e | ||
| Lenovo ThinkCentre M70a | <m2skt29a | |
| Lenovo ThinkCentre M70a Gen 3 | ||
| Lenovo ThinkCentre M920z All-in-One Firmware | <m1mkt56a | |
| Lenovo ThinkCentre M920z All-in-One Firmware | ||
| Lenovo Ideacentre M920x Firmware | <m1ukt72a | |
| Lenovo Ideacentre M920x | ||
| Lenovo Ideacentre M920t Firmware | <m1ukt72a | |
| Lenovo ThinkCentre M920t | ||
| Lenovo ThinkCentre M920s Firmware | <m1ukt72a | |
| Lenovo ThinkCentre M920s Firmware | ||
| Lenovo Ideacentre M920q Firmware | <m1ukt72a | |
| Lenovo ThinkCentre M920q | ||
| Lenovo Thinkcentre M90t Firmware | <m2tkt55a | |
| Lenovo ThinkCentre M90t Gen 3 | ||
| Lenovo ThinkCentre M90s Firmware | <m2tkt55a | |
| Lenovo ThinkCentre M90s Gen 3 | ||
| Lenovo Ideacentre M90q Tiny Firmware | <m2wkt5aa | |
| Lenovo ThinkCentre M90q Gen 3 | ||
| Lenovo Thinkcentre M90a Gen 2 Firmware | <m2rkt57a | |
| Lenovo ThinkCentre M90a Tiny | ||
| Lenovo Ideacentre M820z All-in-one | <m1nkt62a | |
| Lenovo Thinkcentre M820z All-in-One | ||
| Lenovo ThinkCentre M80t Firmware | <m2tkt55a | |
| Lenovo ThinkCentre M80t Gen 3 | ||
| Lenovo Ideacentre M80s Firmware | <m2tkt55a | |
| Lenovo ThinkCentre M80s Gen 3 | ||
| Lenovo Ideacentre M80q | <m2wkt5aa | |
| Lenovo Ideacentre M80q | ||
| Lenovo Ideacentre M75t Gen 2 | ||
| Lenovo Thinkcentre M75t Gen 2 Firmware | ||
| Lenovo Ideacentre M75s Gen 2 Firmware | ||
| Lenovo Ideacentre M75s Gen 2 Firmware | ||
| Lenovo Ideacentre M75q Gen 2 | <m47kt30a | |
| Lenovo Ideacentre M75q Gen 2 | ||
| Lenovo Thinkcentre M75n | <m33kt27a | |
| Lenovo Thinkcentre M75n | ||
| Lenovo Ideacentre M720t Firmware | <m1ukt72a | |
| Lenovo ThinkCentre M720t | ||
| Lenovo ThinkCentre M720s Firmware | <m1ukt72a | |
| Lenovo ThinkCentre M720s | ||
| Lenovo ThinkCentre M720q Firmware | <m1ukt72a | |
| Lenovo ThinkCentre M720q | ||
| Lenovo ThinkCentre M70t | <m2tkt55a | |
| Lenovo ThinkCentre M70t | ||
| Lenovo ThinkCentre M70s Firmware | <m2tkt55a | |
| Lenovo ThinkCentre M70s | ||
| Lenovo Thinkcentre M70q Firmware | <m2wkt5aa | |
| Lenovo Thinkcentre M70q Firmware | ||
| Lenovo Thinkcentre M70c Firmware | <m2vkt21a | |
| Lenovo ThinkCentre M70c | ||
| Lenovo V50t-13iob G2 | <m3gkt3da | |
| Lenovo V50t-13iob | ||
| Lenovo V55t Gen 2 13ACN | <o5jkt23a | |
| Lenovo V55t Gen 2 13ACN | ||
| Lenovo v50t-13imh firmware | <m4pkt13a | |
| Lenovo v50t-13imh firmware | ||
| Lenovo V50t-13imb G2 Firmware | <o4hkt3ca | |
| Lenovo V50t-13imb G2 Firmware | ||
| Lenovo V50s-07imb | <m2vkt21a | |
| Lenovo V50s-07imb | ||
| Lenovo v50a-24imb | <m36kt32a | |
| Lenovo V50a-24imb | ||
| Lenovo V50a-22IMB Firmware | <m36kt32a | |
| Lenovo V50a-22IMB Firmware | ||
| Lenovo v30a-24iml | <m37kt31a | |
| Lenovo V30a-24IML | ||
| Lenovo V30a-22iml Firmware | <m37kt31a | |
| Lenovo V30a-22iml Firmware | ||
| Lenovo ThinkEdge SE30 Firmware | <m3fkt2da | |
| Lenovo ThinkEdge SE30 Firmware | ||
| Lenovo ThinkStation P920 Workstation | ||
| Lenovo ThinkStation P920 Workstation | ||
| Lenovo ThinkStation P720 Workstation Firmware | ||
| Lenovo ThinkStation P720 Workstation Firmware | ||
| Lenovo Thinkstation P520c Workstation Firmware | ||
| Lenovo Thinkstation P520c Workstation Firmware | ||
| Lenovo Thinkstation P520 Workstation Firmware | ||
| Lenovo ThinkStation P520 | ||
| Lenovo ThinkStation P360 Ultra Workstation Firmware | ||
| Lenovo Thinkstation P360 | ||
| Lenovo ThinkStation P360 Ultra Workstation Firmware | <s0ekt45a | |
| Lenovo Thinkstation P350 Workstation Firmware | ||
| Lenovo Thinkstation P350 Workstation | ||
| Lenovo ThinkStation P348 Workstation Firmware | <m3kkt3ba | |
| Lenovo Thinkstation P348 | ||
| Lenovo Thinkstation P340 Workstation Firmware | <s08kt55a | |
| Lenovo Thinkstation P340 Workstation Firmware | ||
| Lenovo Thinkstation P340 Tiny Firmware | <m2wkt5aa | |
| Lenovo Thinkstation P340 Tiny Workstation | ||
| Lenovo ThinkStation P330 Gen 2 Firmware | <m1vkt72a | |
| Lenovo Thinkstation P330 Workstation | ||
| Lenovo ThinkStation P330 Tiny Workstation Firmware | <m1vkt72a | |
| Lenovo ThinkStation P330 Tiny | ||
| Lenovo ThinkStation P330 Tiny Firmware | <m1ukt72a | |
| Lenovo ThinkStation P330 Tiny Workstation Firmware | ||
| Lenovo Thinkstation P320 Workstation Firmware | <s06kt64a | |
| Lenovo Thinkstation P320 Tiny Workstation |
Remedy
Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-45077?
CVE-2023-45077 has been classified as a medium severity vulnerability due to the potential for local attackers with elevated privileges to exploit it.
How do I fix CVE-2023-45077?
To fix CVE-2023-45077, users should update the firmware of affected Lenovo devices to the latest version provided by Lenovo.
Which devices are affected by CVE-2023-45077?
CVE-2023-45077 affects various Lenovo Ideacentre and Thinkcentre models with specific firmware versions, including multiple Ideacentre models and Thinkcentre's M series.
Who is impacted by CVE-2023-45077?
Local users with elevated privileges may be impacted by CVE-2023-45077 as it allows them to write to NVRAM variables.
What are the risks associated with CVE-2023-45077?
The main risk associated with CVE-2023-45077 is the potential exploitation by a local attacker to manipulate NVRAM settings, which could lead to system instability or unauthorized access.
- agent/type
- agent/event
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo ideacentre c5-14imb05
- canonical/lenovo ideacentre c5-14mb05 firmware
- canonical/lenovo ideacentre 3-07ada05
- canonical/lenovo ideacentre 3-07ada05 firmware
- canonical/lenovo ideacentre 3-07imb05
- canonical/lenovo ideacentre 3-07imb05 firmware
- canonical/lenovo ideacentre g5-14imb05
- canonical/lenovo ideacentre g5-14imb05 firmware
- canonical/lenovo ideacentre creator 5-14iob6 firmware
- canonical/lenovo ideacentre gaming 5-14iob6 firmware
- canonical/lenovo ideacentre g5-14amr05 firmware
- canonical/lenovo ideacentre creator 5-14iob6
- canonical/lenovo ideacentre mini 5
- canonical/lenovo ideacentre mini 5-01imh05 firmware
- canonical/lenovo legion t7-34imz5
- canonical/lenovo thinkcentre m625q
- canonical/lenovo thinkcentre m625q firmware
- canonical/lenovo thinkcentre m630e
- canonical/lenovo thinkcentre m70a
- canonical/lenovo thinkcentre m70a gen 3
- canonical/lenovo thinkcentre m920z all-in-one firmware
- canonical/lenovo ideacentre m920x firmware
- canonical/lenovo ideacentre m920x
- canonical/lenovo ideacentre m920t firmware
- canonical/lenovo thinkcentre m920t
- canonical/lenovo thinkcentre m920s firmware
- canonical/lenovo ideacentre m920q firmware
- canonical/lenovo thinkcentre m920q
- canonical/lenovo thinkcentre m90t firmware
- canonical/lenovo thinkcentre m90t gen 3
- canonical/lenovo thinkcentre m90s firmware
- canonical/lenovo thinkcentre m90s gen 3
- canonical/lenovo ideacentre m90q tiny firmware
- canonical/lenovo thinkcentre m90q gen 3
- canonical/lenovo thinkcentre m90a gen 2 firmware
- canonical/lenovo thinkcentre m90a tiny
- canonical/lenovo ideacentre m820z all-in-one
- canonical/lenovo thinkcentre m820z all-in-one
- canonical/lenovo thinkcentre m80t firmware
- canonical/lenovo thinkcentre m80t gen 3
- canonical/lenovo ideacentre m80s firmware
- canonical/lenovo thinkcentre m80s gen 3
- canonical/lenovo ideacentre m80q
- canonical/lenovo ideacentre m75t gen 2
- canonical/lenovo thinkcentre m75t gen 2 firmware
- canonical/lenovo ideacentre m75s gen 2 firmware
- canonical/lenovo ideacentre m75q gen 2
- canonical/lenovo thinkcentre m75n
- canonical/lenovo ideacentre m720t firmware
- canonical/lenovo thinkcentre m720t
- canonical/lenovo thinkcentre m720s firmware
- canonical/lenovo thinkcentre m720s
- canonical/lenovo thinkcentre m720q firmware
- canonical/lenovo thinkcentre m720q
- canonical/lenovo thinkcentre m70t
- canonical/lenovo thinkcentre m70s firmware
- canonical/lenovo thinkcentre m70s
- canonical/lenovo thinkcentre m70q firmware
- canonical/lenovo thinkcentre m70c firmware
- canonical/lenovo thinkcentre m70c
- canonical/lenovo v50t-13iob g2
- canonical/lenovo v50t-13iob
- canonical/lenovo v55t gen 2 13acn
- canonical/lenovo v50t-13imh firmware
- canonical/lenovo v50t-13imb g2 firmware
- canonical/lenovo v50s-07imb
- canonical/lenovo v50a-24imb
- canonical/lenovo v50a-22imb firmware
- canonical/lenovo v30a-24iml
- canonical/lenovo v30a-22iml firmware
- canonical/lenovo thinkedge se30 firmware
- canonical/lenovo thinkstation p920 workstation
- canonical/lenovo thinkstation p720 workstation firmware
- canonical/lenovo thinkstation p520c workstation firmware
- canonical/lenovo thinkstation p520 workstation firmware
- canonical/lenovo thinkstation p520
- canonical/lenovo thinkstation p360 ultra workstation firmware
- canonical/lenovo thinkstation p360
- canonical/lenovo thinkstation p350 workstation firmware
- canonical/lenovo thinkstation p350 workstation
- canonical/lenovo thinkstation p348 workstation firmware
- canonical/lenovo thinkstation p348
- canonical/lenovo thinkstation p340 workstation firmware
- canonical/lenovo thinkstation p340 tiny firmware
- canonical/lenovo thinkstation p340 tiny workstation
- canonical/lenovo thinkstation p330 gen 2 firmware
- canonical/lenovo thinkstation p330 workstation
- canonical/lenovo thinkstation p330 tiny workstation firmware
- canonical/lenovo thinkstation p330 tiny
- canonical/lenovo thinkstation p330 tiny firmware
- canonical/lenovo thinkstation p320 workstation firmware
- canonical/lenovo thinkstation p320 tiny workstation